The present invention relates generally to provision of security services to Internet applications and more particularly to facilitating communication between a secure portable device and a host computer wherein the secure portable device is engaged in communication with a remote server via the host computer.
Co-pending patent application Ser. No. 11/564,121 describes a system and method for enabling the secure portable device to plug-and-play without installing any software on the host device. In that system the secure portable device is connected to a host computer. The secure portable device, for example, in non-volatile memory contains a card agent and a host agent. The card agent and host agent is both a division of labor of security functionality, e.g., cryptography services, between the secure portable device and the host computer, and a mechanism for providing security in the communication to the remote server.
The level of security and efficiency are trade-offs in determining how to divide responsibilities between the card agent and host agent. The more tasks that are placed on the card agent, which is executing on the secure portable device, the higher the security but the lower the performance as typically secure devices are more secure than host computers but do not provide as high performance. On the other hand, the more tasks that are placed on the host agent, which, is executing on the host computer, the higher the performance, but the lower the security as the host computer typically is not as secure as a secure device, but usually provides much more computing power and hence higher performance.
The co-pending patent application Ser. No. 11/564,121 presents a communication methodology for communication between the card-agent executing on the secure token and the host-agent executing on the host computer. That communication methodology uses the USB mass storage protocol for communicating data between the two devices. Similarly published US Patent Application Pub. No. 2004/0098596 to Laszlo Elteto, et al., entitled Driverless USB Security Token describes a security token in which data communication between the token and the host computer is performed over any of several communications protocols, e.g., USB mass storage or USB Human Interface Device protocols. While using USB mass storage protocol for data communication is a technique that is useful for providing a plug-and-play secure token, i.e., one in which no middleware must be pre-installed on the host computer to facilitate use of a secure token, it is not a particularly efficient mechanism for communicating the availability of data. The USB mass storage protocol, because the requirement to read a data buffer to determine whether any data has been placed in that data buffer, requires the participants in a communications session to poll designated mass storage data buffers to determine the issuance of communications messages. That is not very efficient.
Secure communication is usually achieved by having some level of authentication between communication participants and securing subsequent communications by an encryption/decryption mechanism. Not all communications with a secure token justifies the same level of communications security. A secure token as presented in co-pending patent application Ser. No. 11/564,121 may be used for a variety of purposes.
From the foregoing it will be apparent that there is a need for an improved method to indicate the availability of data communicated between a secure portable device and remote servers over the USB mass storage protocol. Furthermore, it is desirable to provide a mechanism that provides multiple levels of security of the communication between a computer and a secure token in an efficient manner.
A solution is detailed in the annexed set of claims.